oss/miniflux-v2
oss/miniflux-v2
1
0
Fork 0
mirror of https://github.com/miniflux/v2.git synced 2025-08-11 17:51:01 +00:00
Code Wiki Activity

Add generic OpenID Connect provider (OAuth2)

Browse source 
This adds the oauth2 provider `oidc`. It needs an additional argument, the OIDC discovery endpoint to figure out where the auth and token URLs are.

Configuration is similar to setting up the Google Authentication with these changes:

 * `OAUTH2_PROVIDER = oidc`
 * `OAUTH2_OIDC_DISCOVERY_ENDPOINT = https://auth.exampe.org/discovery`
This commit is contained in:
Patrick 2020-03-08 03:45:19 +01:00 committed by GitHub
parent 54602b55bb
commit 3e1e0b604f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
88 changed files with 15856 additions and 155 deletions
Download patch file Download diff file Expand all files Collapse all files

61
oauth2/oidc.go Normal file
View file

@ -0,0 +1,61 @@
// Copyright 2017 Frédéric Guillot. All rights reserved.
// Use of this source code is governed by the Apache 2.0
// license that can be found in the LICENSE file.
package oauth2 // import "miniflux.app/oauth2"
import (
"context"
"github.com/coreos/go-oidc"
"golang.org/x/oauth2"
)
type oidcProvider struct {
clientID string
clientSecret string
redirectURL string
provider *oidc.Provider
}
func (o oidcProvider) GetUserExtraKey() string {
return "oidc_id" // FIXME? add extra options key to allow multiple OIDC providers each with their own extra key?
}
func (o oidcProvider) GetRedirectURL(state string) string {
return o.config().AuthCodeURL(state)
}
func (o oidcProvider) GetProfile(ctx context.Context, code string) (*Profile, error) {
conf := o.config()
token, err := conf.Exchange(ctx, code)
if err != nil {
return nil, err
}
userInfo, err := o.provider.UserInfo(ctx, oauth2.StaticTokenSource(token))
if err != nil {
return nil, err
}
profile := &Profile{Key: o.GetUserExtraKey(), ID: userInfo.Subject, Username: userInfo.Email}
return profile, nil
}
func (o oidcProvider) config() *oauth2.Config {
return &oauth2.Config{
RedirectURL: o.redirectURL,
ClientID: o.clientID,
ClientSecret: o.clientSecret,
Scopes: []string{"openid", "email"},
Endpoint: o.provider.Endpoint(),
}
}
func newOidcProvider(ctx context.Context, clientID, clientSecret, redirectURL, discoveryEndpoint string) (*oidcProvider, error) {
provider, err := oidc.NewProvider(ctx, discoveryEndpoint)
if err != nil {
return nil, err
}
return &oidcProvider{clientID: clientID, clientSecret: clientSecret, redirectURL: redirectURL, provider: provider}, nil
}